Solved

linux router question

Posted on 2009-07-07
5
281 Views
Last Modified: 2012-05-07
I have two networks, 192.168.1 and 192.168.2.

Between them sits a linux box, running iptables.  Actually it's a snapgear 530, but that shouldn't matter, it's just an embedded linux.

I want people on the two networks to be able to access machines on the other, but I don't know how to tell it to do this.
I don't want NAT, FULL access to everything... I'll then restrict stuff with IPTABLES.

I'm just not sure how to tell it to do this?

I do know I need to put a route command on my firewall to tell machines to back up and try the other router.
Thanks
0
Comment
Question by:bennybutler
  • 3
  • 2
5 Comments
 
LVL 14

Expert Comment

by:mds-cos
ID: 24798402
It is not just a matter of routing.  You need to configure the SnapGear with a second IP address so that it is "on" both network segments.

If the firewall is also providing access to the Internet through the untrust interface ("internet" on a SnapGear), you can set up a second IP address on the LAN interface.  Do this in Advanced IP Configuration from the IP Configuration screen.  You will also need to set up appropriate rules to allow traffic to pass between the two segments.

If the firewall is strictly being used for routing between the segments, you will probably already have the IP addresses set up for the two segments on your LAN and Internet ports.  From here it is a matter of configuring the rules / port forwarding to allow traffic to pass as you want it to.
0
 
LVL 14

Expert Comment

by:mds-cos
ID: 24798428
P.S.  If the firewall is for routing (e.g. one segment on LAN and one on Internet), you would turn off NAT in the Advanced IP Configuration screen as well.
0
 
LVL 1

Author Comment

by:bennybutler
ID: 24798437
Here's where I'm at.
Router is on both networks, 192.168.1.14/192.168.2.14
Gateway on 192.168.1.1 tells all machines to use 2.14 to get to 192.168.2 network.

It works great, any machine on 1 can get to any machine on 2.

Problem is, snapgear wants to play firewall, so anything on 2 wants to be NAT'd to get to 1.  I don't want or need NAT, I just want it to treat the 'internet' interface the same as it does the 'wan' interface.
0
 
LVL 1

Author Comment

by:bennybutler
ID: 24798489
maybe I need to create a reverse of this:

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
   12   720 EstabRelFwd  all  --  *      *       0.0.0.0/0            0.0.0.0/0          
    6   360 LanFwd     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0          
    0     0 WanFwd     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0          
    0     0 DefDeny    all  --  *      *       0.0.0.0/0            0.0.0.0/
0
 
LVL 14

Accepted Solution

by:
mds-cos earned 50 total points
ID: 24798587
SnapGear it is a purpose built firewall appliance that uses embedded Linux.  So trying to get it to "forget" it is a firewall is not really a supported configuration.  But you should be able to do it.  Having said this, I will suggest that buying a cheap Linksys or Netgear router might work better for you.

I only have access to a SnapGear 550, so am having to assume that your interface is at least similar.  Can you turn off NAT in the Advanced IP Configuration as suggested above?
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Linux DNS problems 23 406
How to run a Linux Command from a different other than Root in Linux 5 111
Iptables and mirroring ports 4 84
Remote desktop Ubuntu from Windows 10 5 62
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question